Настройка SAML SSO для OneLogin

To set up Crowdin Enterprise SAML SSO in your OneLogin, follow the steps below.

Add OneLogin SAML Test (IdP) from the App Catalog

  1. Open the OneLogin Admin Console using an administrator account.
  2. From the Admin Console page, go to Applications.
  3. To add a new application, click Add App.
  4. On the Find Applications page, type OneLogin SAML Test (IdP) in the search box.
  5. Select OneLogin SAML Test (IdP) from the search results list. Wait a few seconds while the app is being added.
  6. Update or rename the Display Name (for example to Crowdin Enterprise).
  7. (Optional) Replace default app icons with a PNG or SVG file for your Crowdin Enterprise SSO app. You can find the Crowdin icon on the Using the Crowdin Logo page, click Save.
  8. You are now in the Info tab. Click the Configuration tab. Enter your Crowdin Enterprise service provider details here and click Save to proceed.

    SAML Consumer URL:
    https://accounts.crowdin.com/saml2/{your-organization-name}/acs
    SAML Audience:
    https://accounts.crowdin.com/saml2/{your-organization-name}/metadata
    SAML Recipient:
    https://accounts.crowdin.com/saml2/{your-organization-name}/acs
    SAML Single Logout URL:
    https://accounts.crowdin.com/saml2/{your-organization-name}/slo
    ACS URL Validator:
    ^https:\/\/accounts\.crowdin\.com\/saml2\/{your-organization-name}\/acs$

    Note: Make sure to replace {your-organization-name} with your real Crowdin Enterprise organization name.
  9. Navigate to the SSO tab in OneLogin and copy the Issuer URL, SAML 2.0 Endpoint (HTTP), and X.509 Certificate. To copy the X.509 certificate, click View Details.
  10. In a separate browser tab or window, log in to your Crowdin Enterprise Organization, open the Organization Settings > Authentication page, at the bottom of the Authentication methods list click on SAML.
  11. Enter the information you copied in Step 8 (paste in the Issuer URL in the Identity Provider Issuer field, SAML 2.0 Endpoint (HTTP) in the SAML SSO Endpoint field, and X.509 certificate to the Public Certificate field), click Save.
  12. Select the checkbox next to SAML in the Authentication methods list so that your users could use it as the desired authentication method to log in to your Crowdin Enterprise organization from the login page.

Назначить пользователей

In this section, you’ll grant users access to your new Crowdin Enterprise SAML SSO app.

  1. Open the OneLogin Admin Console using an administrator account.
  2. From the Admin Console page, go to Applications.
  3. Click on your new Crowdin Enterprise SAML SSO app.
  4. Navigate to the Access tab and specify the roles that should have access to this app. If you don’t have the necessary role you can add a new role via Users > Roles specifying access to the needed apps. You can assign users to a new role via Users page.

Test SSO

  1. On the Crowdin Enterprise login page, select your organization and click Log in.
  2. Click on SAML. You should be automatically redirected to the OneLogin login page.
  3. Enter your login credentials. After your login credentials are authenticated, you’re automatically redirected to Crowdin Enterprise.

Была ли эта статья полезной?